99% of what you think you know about Information Security and Hacking is bullcrap, and they know it.
Over the last few months security breaches seem to have become more frequent, so much so that they barely make the news.
The way the media talk about this stuff is widely incorrect. Journalists and media in general seem to think working in IT Security is like being in an episode of CSI:Cyber.
Well, I've never laughed that much watching a sitcom. Do people really believe this is true?
All those GUI interfaces where you see stuff like "hacking main generator", yeah really...
Have you ever spent a day tracking server logs?
Have you ever tried doing reconnaissance on a server?
Have you ever used a Linux shell in your life? Have you ever written a shell script?
Have you ever cussed at a command line interface, because your network configuration fails to load?
Well, I knew it.
Wasted breath.
Sadly most people talking about that don't have a clue.
A bunch of companies reduce their security posture to a 360° product suite.
You install our security solution and we got you covered blah blah blah
Sadly, a software solution isn't everything. The people who need to use it are the most vulnerable and decisive link in the chain, and the most overlooked.
An efficient security solution can only be produced by thinking like a potential attacker.
X-ray your network and find the blind spots where an attacker could hit and cause harm.
Patch them asap.
Hack yourself, can you go in? Yes?
Well, if you can, everyone can.
And by the way, lose any hope; there are backdoors everywhere.
You think Linux is safe per se? Backdoors were found in Linux distros, too.
I read something about Arch Linux yesterday. A vulnerability would allow an attacker to open a shadow shell.
Even though this news needs to be verified, the thing wouldn't totally surprise me.
Intelligence agencies don't like you using encryption.
There's a reason why the NSA is mad at Apple. I saw a CNN special yesterday where the Director of National Intelligence Agency stated encryption made their job much harder.
In fact, terrorists use encrypted channels like the Telegram app, and it's much harder for agencies to snoop into your communications if they're hardened by strong encryption.
So they got around the problem and made sure you install an operating system already compromised and vulnerable, for them to spy on you.
I know they need to monitor bad guys and kudos to them for doing it, but why do we need to trade away our privacy for this?
Cyber security (it would be about time people used the correct term: information security) is complex, hard to handle and multifaceted.
It's a war, fought every minute on virtual fronts that can dramatically impact real life (infrastructure, transportation, energy production, etc.) but no one seems to realize the importance of all this.
Knowledge can't be monitored or controlled. We have shared, free-of-charge access to knowledge that can allow anyone in any corner of the world to become dangerous, or a genius.
Any teenager with access to the Internet can learn how to create a virus, sniff a network, crack a password, etc.
We're too weak and vulnerable, get over it.
Let's go from here and change things around.
Let's share knowledge: knowledge is power.